-Caveats:
- * Requires a gpg patch for now, until 2 bugs are fixed:
- http://bugs.debian.org/252917 gnupg: --with-colons and --edit delsigs
- http://bugs.debian.org/254072 gpg should flush stdout before prompting in --edit
-
-Discussion:
-
-Since we do not upload the new signatures, or import them into our
-main keyring, the signature only gets public if:
- - the email address is valid
- - the person reading the email can decrypt the mail (if it was sent
- encrypted).
-
-Therefore we achieve the same level of security as common Challenge
-Repsonse systems like CABot, without all the extra hassle of those
-systems.